RFC 5879

Heuristics for Detecting ESP-NULL Packets, May 2010

File formats:
icon for text file icon for PDF icon for HTML
T. Kivinen
D. McDonald
ipsecme (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC5879

Discuss this RFC: Send questions or comments to ipsec@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 5879


This document describes a set of heuristics for distinguishing IPsec ESP-NULL (Encapsulating Security Payload without encryption) packets from encrypted ESP packets. These heuristics can be used on intermediate devices, like traffic analyzers, and deep-inspection engines, to quickly decide whether or not a given packet flow is encrypted, i.e., whether or not it can be inspected. Use of these heuristics does not require any changes made on existing IPsec hosts that are compliant with RFC 4303. This document is not an Internet Standards Track specification; it is published for informational purposes.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.

Advanced Search